A git repository will contain information on every previous commit and all the information in that commit.
That means that if you have a git repository that contained any information such as secret keys or passwords, then you find yourself in a situation where the previous commits can be viewed and the information from those commits (even if you've since removed the hard-coded sensitive information) is still available to anyone who can use git to analyze old commits.
In a perfect world we would all place our sensitive information in environment variables (.env file for example), but we don’t live in a perfect world.
How can one effectively search through commits for potentially sensitive information and remove it? Simply removing commits isn't a good enough answer, because a project could have a thousand commits to search through.
My current method for ensuring a git repository is sanitized before sharing it is to simply reinitialize it as a new git repo, but this is not the most elegant solution.
In short, what is the best way to sanitize a git repository without throwing the whole history away?
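As an added example (not part of the question or any answer), a small Python scanner for the "search through the commits" half of the problem: it walks saved `git log -p --all` output and flags added lines that match common secret shapes or contain a high-entropy token, attributing each hit to the commit that introduced it. The rules and the sample log are constructed for illustration; rewriting the affected commits is a separate step.

```python
import math
import re
from collections import Counter

# Secret shapes to flag in added lines (constructed for this example; not exhaustive).
RULES = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "password_assignment": re.compile(r"(?i)(password|passwd|pwd)\s*[:=]\s*['\"][^'\"]{4,}['\"]"),
}
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_-]{20,}")  # candidate tokens for the entropy check

def shannon_entropy(s):
    """Bits per character: random-looking credentials score high, plain words score low."""
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def scan_patch(patch_text, entropy_threshold=4.5):
    """Walk `git log -p` output and report added lines that look like secrets as
    (commit, path, rule, line); a secret deleted later is still reported where it was introduced."""
    findings, commit, path = [], None, None
    for line in patch_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1]
        elif line.startswith("+++ b/"):
            path = line[6:]
        elif line.startswith("+") and not line.startswith("+++"):
            added = line[1:].strip()
            for name, rx in RULES.items():
                if rx.search(added):
                    findings.append((commit, path, name, added))
            if any(shannon_entropy(t) >= entropy_threshold for t in TOKEN_RE.findall(added)):
                findings.append((commit, path, "high_entropy", added))
    return findings

# Constructed, abridged `git log -p --all` output: commit 1111... hard-codes three secrets,
# commit 2222... removes one of them, yet every hit still points at the first commit.
SAMPLE_LOG = """\
commit 1111111111111111111111111111111111111111
diff --git a/config.py b/config.py
+++ b/config.py
@@ -0,0 +1,4 @@
+DB_HOST = "db.internal"
+DB_PASSWORD = "hunter2hunter2"
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+GITHUB_TOKEN = "Zx9Qm2Lp7Ka4Tn8Wv3Yb6Rc5Ds1Fg0Hj"
commit 2222222222222222222222222222222222222222
diff --git a/config.py b/config.py
+++ b/config.py
@@ -1,4 +1,4 @@
-DB_PASSWORD = "hunter2hunter2"
+DB_PASSWORD = os.environ["DB_PASSWORD"]
"""
```

The distinct commits in the output are the ones a history rewrite has to touch; tune the entropy threshold and rules to the repository, since both can produce false positives on minified or encoded files.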